Approach to Attack Path Generation based on Vulnerability Correlation
Network attack path analysis is an important method for analyzing the security status of a computer network: it can automatically analyze the correlation between network vulnerabilities and the potential threats resulting from those vulnerabilities, and it plays a guiding role in establishing network security policy. This paper chooses NVD and Bugtraq as vulnerability data sources and extracts the key properties required to build a vulnerability database that mainly contains privilege escalation vulnerabilities in the Linux system and common server software. An association analysis of the vulnerabilities and related information is made, and their properties are abstracted to construct atomic attacks and a corresponding atomic attack database. A network attack model is constructed from the network connections and host configurations. By matching atomic attacks in the attack database, the paper adopts a state comparison algorithm to mine potential attack paths that may lead to specified attack goals. The experiment verifies that the proposed approach can effectively reduce the number of attack states and mine all non-redundant attack paths.
Keywords: network vulnerability; vulnerability correlation; network attack; atomic attack; attack path generation
YU Xiaohong, JIANG Jianhui, SHUAI Chunyan
Department of Computer Science and Technology, Tongji University, Shanghai 201804, China
International conference
Chongqing
English
1669-1674
2011-08-20 (date first posted on the Wanfang platform; not the publication date of the paper)